sshd stops accepting connections

Doug White dwhite at gumbysoft.com
Wed Nov 17 19:15:09 PST 2004 

On Fri, 12 Nov 2004, Simon L. Nielsen wrote:

> Today I suddenly couldn't log in via ssh to a server I upgraded to
> FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
> telnet(1) the following just happend:
>
> [simon at zaphod:~] telnet 192.168.3.2 22
> Trying 192.168.3.2...
> Connected to jet.nitro.dk.
> Escape character is '^]'.
> Connection closed by foreign host.

You get this if:

. hosts.allow doesn't allow the client to connect.
. sshd can't fork the child to handle the connection.
. PAM is messed up and causes the PAM thread to abend.
. the sshd privsep user has gone missing

> The servar had been running FreeBSD 5.2.1 for a while without
> problems.  After logging in on the console and sending the sshd master
> process a -HUP I could log in again (and I get the normal banner when
> connecting to the port with telnet(1)).  I can't rally see in the log
> what happened, but there is a lot of "stale" sshd's hanging around,
> like:
>
> root    46015  0,0  0,4  4928 2220  ??  I    Ons08pm   0:00,01 sshd: blah [pam] (sshd)
> root    58286  0,0  0,4  4920 2236  ??  Is   Tor12pm   0:00,04 sshd: pascal [priv] (sshd)
> sshd    58287  0,0  0,0     0    0  ??  Z    Tor12pm   0:00,03 <defunct>
> root    58288  0,0  0,4  4928 2236  ??  I    Tor12pm   0:00,01 sshd: pascal [pam] (sshd)
> root    58932  0,0  0,4  4920 2236  ??  Is   Tor01pm   0:00,05 sshd: ole_gudiksen [priv] (sshd)
> sshd    58934  0,0  0,0     0    0  ??  Z    Tor01pm   0:00,06 <defunct>
> root    58935  0,0  0,4  4928 2236  ??  I    Tor01pm   0:00,01 sshd: ole_gudiksen [pam] (sshd)

What ps is this? I didn't think FreeBSD's ps ouptut <defunct>.

> From all.log:
>
> Nov 11 12:04:38 nfishbone sshd[58286]: fatal: Timeout before authentication for 82.211.207.191
> Nov 11 13:02:34 nfishbone sshd[58932]: fatal: Timeout before authentication for 192.38.66.33

These are genrally normal and probaly not related to your problem...

> The only odd thing I could find in the logs with regard to ssh was a
> few lines like:
>
> Nov 11 22:35:49 nfishbone sshd[62378]: syslogin_perform_logout: logout() returned an error

These are also OK and not related to your problem.

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite at gumbysoft.com          |  www.FreeBSD.org

More information about the freebsd-stable mailing list